Monday, December 22, 2014

The 21st, Monday, Taian

+ RHSA-2014:2025 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2014-2025.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295

+ RHSA-2014:2024 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2014-2024.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ RHSA-2014:2024 Important: ntp security update
https://access.redhat.com/errata/RHSA-2014:2024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ About the security content of Xcode 6.2 beta 3
http://support.apple.com/en-us/HT204147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390

+ CESA-2014:2023 Moderate CentOS 7 glibc Security Update
http://lwn.net/Alerts/627039/

+ CESA-2014:2010 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/627042/

+ CESA-2014:2021 Important CentOS 7 jasper Security Update
http://lwn.net/Alerts/627040/

+ CESA-2014:2021 Important CentOS 6 jasper Security Update
http://lwn.net/Alerts/627041/

+ CESA-2014:2008 Important CentOS 5 kernel Security Update
http://lwn.net/Alerts/626811/

+ phpMyAdmin 4.3.3 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-433-is-released/

+ UPDATE: HPSBGN03204 rev.2 - HP Business Process Management running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510023&docLocale=ja_JP

+ Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103825&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295

+ GCC 4.8.4 released
https://gcc.gnu.org/gcc-4.8/

+ NTP 4.2.8 released
http://archive.ntp.org/ntp4/ChangeLog-stable

+ PHP 5.6.4, 5.4.36 released
http://php.net/archive/2014.php#id2014-12-18-2
http://php.net/archive/2014.php#id2014-12-18-3

+ PostgreSQL 9.4 Released!
http://www.postgresql.org/docs/9.4/static/release-9-4.html

+ Samba 4.2.0rc3 Available for Download
https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc3.txt

+ VU#852879 Network Time Protocol daemon (ntpd) contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/852879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ NTP Uses Weak Default Encryption Key and Weak RNG Seed
http://www.securitytracker.com/id/1031411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294

+ NTP Logic Error in the receive() Function in 'ntp_proto.c' May Let Remote Users Deny Service
http://www.securitytracker.com/id/1031410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ NTP Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295

+ Apple Xcode Git Path Validation Flaw Lets Remote Users Add Files to the '.git' Folder
http://www.securitytracker.com/id/1031404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390

+ Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108

+ Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580

+ SA61787 PHP "SoapClient::__getTypes()" Denial of Service Vulnerability
http://secunia.com/advisories/61787/

+ SA60920 PHP Multiple Vulnerabilities
http://secunia.com/advisories/60920/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142

Database .NET 14.0 released
http://www.postgresql.org/about/news/1558/

Deceived, threatened, robbed: your "money" is at risk
The conventional wisdom of security no longer applies
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900001/?ST=security

Smartphone security measures, seen through the differences from PCs
[Viruses] On smartphones, watch out for "malicious apps"
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700001/?ST=security

Passlogy releases new version of its matrix-style password notebook app "PassClip"
http://itpro.nikkeibp.co.jp/atcl/news/14/121902339/?ST=security

"Discovering" outstanding domestic researchers: second international security conference "CODE BLUE" held
http://itpro.nikkeibp.co.jp/atcl/news/14/121902337/?ST=security

NCI launches a managed operations service for DDoS attack mitigation appliances
http://itpro.nikkeibp.co.jp/atcl/news/14/121902336/?ST=security

OPTiM adds a Mac version to its MDM software, with remote lock/wipe also possible
http://itpro.nikkeibp.co.jp/atcl/news/14/121902331/?ST=security

Will privacy exist in 10 years? US survey report
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/121900053/?ST=security

Vulnerability information worth checking <2014.12.19>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121800035/?ST=security

JVNVU#90515133 Session management vulnerability in multiple Dell iDRAC products
http://jvn.jp/vu/JVNVU90515133/

VU#561444 Multiple broadband routers use vulnerable versions of Allegro RomPager
http://www.kb.cert.org/vuls/id/561444

VU#1680209 AppsGeyser generates Android applications that fail to properly validate SSL certificates
http://www.kb.cert.org/vuls/id/1680209

REMOTE: Varnish Cache CLI Interface Remote Code Execution
http://www.exploit-db.com/exploits/35581

DoS/PoC: Ettercap 0.8.0-0.8.1 - Multiple Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/35580
